1. Field of the Invention
The present invention relates to systems and methods for detecting a security breach in a computer system.
2. Discussion of the Background
Standard methods for computer system security include passwords and other authorization tokens, use of encryption, and permission checking systems. In such standard methods, “security markers” (e.g., checksums, digital signatures, and permission levels) and “security properties” (e.g., an exact match between a data item that is supposed to be immutable and a hidden copy of that data item) can be used to validate the integrity of data and of the security system. However, all methods have flaws and costs. In practice, no security system is 100% effective.
The “defense in depth” concept of computer system security provides a series of barriers and counter-checks to decrease the probability of a successful compromise and to increase the probability of early detection that can lead to some reaction—such as a system halt, safe-restart, or a counter-measure against the attacker.
The more complex a security system is, the greater the difficulty in validating its implementation and design, and the higher the cost in terms of computing resources and the engineering investment needed to construct and maintain the system. Different applications can realistically support different levels of security costs. For example, software controlling remote power transmission equipment is severely cost and resource constrained.
What is needed are systems and methods for improving security that do not impose unrealistic costs and that can be scaled to different applications.